CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
31.3%
An Incorrect Permission Assignment for Critical Resource flaw was found in
Horizon on Red Hat OpenStack. Horizon session cookies are created without
the HttpOnly flag despite HorizonSecureCookies being set to true in the
environmental files, possibly leading to a loss of confidentiality and
integrity.
Author | Note |
---|---|
mdeslaur | Red Hat packaging specific issue |